rslade
Influencer II

Ever use Timehop?

Timehop was an app that would scrape your social media and "remind" you of anniversaries at a later date.

 

As such, it had to have permission to access your social media.

 

Well, it got hacked.  (Well, maybe I shouldn't say it got hacked, since that implies some intelligence and sophistication on the part of the attackers.  Actually, Timehop was just careless about passwords.)

 

Which means that someone has your passwords.  Well, access tokens, anyway.  (If you ever used Timehop, that is.)

 

Do you really need to give that app access to your accounts?  (Not just Timehop, of course.  Lots and lots and lots of apps ...)


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
1 Reply
Shannon
Community Champion

 

In my case, there's usually one of 3 outcomes:-

 

  1. An app asks for full access to resources during installation --- which I may not grant unless I see them as necessary. If installation continues & the app runs without these, well and good.
  2. An app fails to install unless I grant access, in which case I'll give it access during installation, but revoke the permissions in the security settings immediately after. If the app still runs after that, well and good.
  3. An app fails to run after I revoke permissions in the security settings, unless I again grant access. At this point I'll decide on whether I can do without the app.

In my opinion, it isn't worth compromising security to attain functionality that isn't essential...

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz